package org.sao.geteway.componet.config;


import org.sao.common.constant.bean.config.FilterUrlsPropertiesConifg;
import org.sao.geteway.componet.handler.SaoAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;

/**
 * @author zhangyang
 * @date 2017/10/27
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
	
	
	
    @Autowired
    private OAuth2WebSecurityExpressionHandler expressionHandler;
	@Autowired
	private FilterUrlsPropertiesConifg filterUrlsPropertiesConifg;
	@Autowired
	private SaoAccessDeniedHandler saoAccessDeniedHandler;
	
	
	@Override
    public void configure(HttpSecurity http) throws Exception {
        //允许使用iframe 嵌套，避免swagger-ui 不被加载的问题
        http.headers().frameOptions().disable();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
                .authorizeRequests();
        for (String url : filterUrlsPropertiesConifg.getAnon()) {
            registry.antMatchers(url).permitAll();      //配置的路径可以访问
        }
        registry.anyRequest()
         //       .access("@permissionService.hasPermission(request,authentication)");  //#其余的请求 表达式为true可以访问
        .authenticated();
    }
	
	
	 @Override
	    public void configure(ResourceServerSecurityConfigurer resources) {
	        resources.expressionHandler(expressionHandler);
	        resources.accessDeniedHandler(saoAccessDeniedHandler);
	    }
	
	 
	 /**
	     * 配置解决 spring-security-oauth问题
	     * https://github.com/spring-projects/spring-security-oauth/issues/730
	     *
	     * @param applicationContext ApplicationContext
	     * @return OAuth2WebSecurityExpressionHandler
	     */
	    @Bean
	    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
	        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
	        expressionHandler.setApplicationContext(applicationContext);
	        return expressionHandler;
	    }
 
    /**
     * 加密方式
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}